Insights

On April 11, 2025, the U.S. Department of Justice (DOJ) issued guidance regarding the implementation and enforcement of the newly enacted final rule, “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” now referred to as the Data Security Program (DSP). The release included an Implementation and Enforcement Policy, a Compliance Guide, and Frequently Asked Questions (FAQs). Collectively, these documents are designed to help entities subject to the DSP understand and comply with the obligations set out under the Final Rule.

As digitalization has become more ubiquitous and attacks surfaces widened, the number of cyberattacks have correspondingly increased. In 2024, ransomware attacks in particular grew in their frequency and impact. In an effort to enact more stringent policy approaches, governments introduced over 170 data protection laws between 2023 and 2024. With not a single company immune from these regulatory winds, industry must keep a close watch.

On February 18, President Trump issued an Executive Order titled “Ensuring Accountability for All Agencies” that directs independent agencies (as well as Cabinet Departments and their sub-agencies) to route all “proposed and final significant regulatory” and budgetary actions through the White House and the Office of Management and Budget. If implemented to its full extent, this action will significantly strengthen the authority of the White House by weakening the political autonomy of these independent agencies. As an assertion of the President’s inherent powers under Article II of the U.S. Constitution, it also stands to weaken congressional influence over these independent agencies, both through the appropriations and confirmation processes.

Significant shifts in U.S. technology policy are taking shape at the start of the new administration. This is especially true in the field of artificial intelligence (AI), where President Trump revoked President Biden’s Executive Order 14110, titled “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” as part of his flurry of Day One executive actions. The administration is now moving quickly to put its own stamp on this area in an effort to strengthen U.S. AI leadership and competitiveness and outpace other nations, particularly the People’s Republic of China.

Crowell Global Advisors joined the industry delegation to the 5thASEAN Digital Ministers’ Meeting (ADGMIN) hosted by Thailand from January 16-17, 2025. The official theme for this year was “Secure, Innovative, Inclusive: Shaping ASEAN’s Digital Future,” with a focus on promoting safe adoption of emerging technologies by ASEAN Member States (AMS).

In a move that underscores the evolving landscape of global data governance, China announced a new initiative aimed at fostering cross-border data flows. On November 17, Chinese President Xi announced the launch of a “Global Cross-Border Data Flow Cooperation Initiative” while attending the Asia Pacific Economic Cooperation (APEC) leaders meeting in Lima, Peru. The following day, the Cyberspace Administration of China released further details about the initiative, which frames China as a proponent of non-discriminatory and cooperative data policies. However, closer analysis reveals a complex interplay of geopolitical, economic, and regulatory factors behind this initiative.

While it is unclear at this stage what exactly a second Trump administration means for U.S. digital, technology, and trade policy, one thing that is clear is that it will involve major changes, especially as it relates to the potential for high, broad tariffs. Media reports and commentary and recent personnel appointments give some early clues on what else a second Trump administration may do. It is an open question as to which Biden administration policies a second Trump administration keeps, revises, or scraps (like Biden administration executive orders on artificial intelligence) and which policies and strategies from the first Trump administration it revives or revises. It is also unclear the extent to which a second Trump administration will consider the interests of allies and close trading partners and whether the Trump administration will pursue its own vision for global technology governance at the G7 and other fora.  

The U.S. Department of Commerce unveiled a groundbreaking analytic risk assessment tool to inform the U.S. government’s efforts in mitigating supply chain risks. Launched at the inaugural Supply Chain Summit hosted by the Department of Commerce and the Council on Foreign Relations on September 10, 2024, the SCALE Tool marks a significant milestone in the U.S. government’s broader commitment to strengthening the U.S. supply chain ecosystem. 

Amid the continued exponential rise and adoption of artificial intelligence (AI) systems, the Council of Europe set a unique precedent earlier this year by adopting the first-of-its-kind legally binding international AI framework. Aimed at ensuring the respect of human rights, the rule of law, and democracy in the use of AI systems, the framework strikes an important balance in addressing the risks throughout the lifecycle of an AI system without hampering innovation.

As the world grapples with elections, continuing inflation, and political conflicts, world leaders are attempting to negotiate two legally binding treaties aimed at solving global health and environmental challenges. The recent negotiations of the World Health Organization’s (WHO) Pandemic Treaty and the United Nation’s (UN) Plastics Treaty – which seemingly went unnoticed in busy news cycles – offer crucial insights on multilateralism and the role that industry can play in shaping global policy.

The Cyber Security Agency of Singapore (CSA) is currently in the process of introducing the first ever amendments to its Cybersecurity Act (CS Act) 2018 via the Cybersecurity (Amendment) Bill.  Through these Amendments, CSA is looking to account for advancements in Singapore’s technology and business landscape since 2018.  It is also hoping to holistically enhance the cybersecurity of not only the country’s critical information infrastructure (CII) but also other digital infrastructure important for Singapore’s economy.

C&M International’s Asia-based digital policy team joined an industry delegation last week at a key gathering to discuss Southeast Asia’s future digital economy. Singapore hosted the 4thASEAN Digital Ministers’ Meeting (ADGMIN) from 30 January to 02 February, 2024 under the theme “Building an Inclusive and Trusted Digital Ecosystem”. Josephine Teo, Singapore’s Minister for Communications and Information, chaired the meeting alongside her counterpart from Thailand, Prasert Jantararuangtong, Minister of Digital Economy and Society as the Vice Chair.

On 15 December 2023, the Cyber Security Agency of Singapore (CSA) opened stakeholder consultation on its draft Cybersecurity (Amendment) Bill 2023. This draft Bill is the first review of the Cybersecurity Act 2018 and aims to enhance Singapore’s cyber resilience in the face of the country’s increasing digitalization.

On October 30, 2023, President Biden released an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI).  This landmark EO seeks to advance the safe and secure development and deployment of AI by implementing a society-wide effort across government, the private sector, academia, and civil society to harness “AI for good,” while mitigating its substantial risks.

On September 28, 2023, the Cyberspace Administration of China (“CAC”) published the draft Provisions on Regulating and Promoting Cross-Border Data Flows (“Draft Provisions”) for public consultation.

The summer has been anything but slow in the People’s Republic of China. China is leaning into its regulation of emerging technologies, while attempting to strike a balance with its domestic economic priorities. In just the past few weeks, state authorities have issued a slew of draft measures and announced new initiatives – all with significant ramifications for businesses processing data within the PRC. From personal information processing to facial recognition to cross-border data transfers, what follows is a highlight reel of what you may have missed while you were away on vacation, with the comment period for many of these developments closing within the next few weeks.

On June 18, 2023, the Biden-Harris administration announced the launch of a new “U.S. Cyber Trust Mark” program (hereinafter the “Program”). First proposed by Federal Communication Commission (“FCC”) Chairwoman Jessica Rosenworcel, the Program aims to increase transparency and competition across the smart devices sector and to assist consumers in making informed decisions about the security of the devices they purchase.

Beginning on February 8, the members of the Indo-Pacific Economic Framework (IPEF), the Biden-Harris Administration’s signature economic initiative in the Asia-Pacific, held the next framework negotiating round. This round advanced the arrangement’s supply chains, clean economy, and fair economy pillars and continued to build on the negotiating text that was tabled at the last negotiating round. Notably, it did not include negotiations on the trade pillar, of which India is not a member. The Asia-Pacific Economic Cooperation (APEC) Leaders’ Summit, which will be held in San Francisco in late 2023 has been cited as a tentative target date by which the parties hope to conclude the negotiations.

On 28 November, the European Union adopted the Corporate Sustainability Reporting Directive (hereafter: “CSRD”), succeeding the Non-Financial Reporting Directive (hereafter: “NFRD”) and ushering in the next era of sustainability reporting. Here are seven questions and responses to help your company prepare in the countdown to CSRD implementation.